Published: 1 September, 2017

CIOs Preparing To Beef Up Data Units As GDPR Looms Large

With GDPR’s implementation date less than a year away, one recruitment specialist has shed light on chief investment officers’ plans for recruitment drives.

Two-thirds of chief investment officers will hire permanent staff to help their firms comply with extensive European reforms to data protection laws, new data suggests, highlighting both the physical and monetary burden of compliance with the new regime that kicks in from the middle of 2018.

Some 66 per cent of CIOs will hire additional employees to cope with the European Union’s General Data Protection Regulation, or GDPR, according to research from recruitment specialist Robert Half UK. A further 64 per cent will hire temporary or interim staff to ensure they have the right talent on board to manage changes in data management and reporting.

GDPR is one of the most prominent pieces of European regulation looming large on the horizon that all entities holding personal data must comply with. Aimed at reforming the 1995 EU Data Protection Directive to better protect the public’s personal information, GDPR enters into force on 25 May, 2018 and, unlike a directive, does not require enabling legislation to be passed by governments.

And stakes are high: institutions that fail to comply with the regulation risk paying hefty penalties as high as €20 million, or 4 per cent of annual global turnover – whichever is greater.

As organisations begin to concentrate on compliance initiatives, the demand for permanent project managers (33 per cent), business analysts (26 per cent) and data protection officers (26 per cent) will rise, Robert Half UK says.

“As demand for candidates with the required technical and project management skills reaches fever pitch, business should seek out those with the transferable skills required to ensure compliance,” said Phil Sheridan, senior managing director for United Arab Emirates and South America at Robert Half UK. “While GDPR-certified practitioners are in short supply, project managers and business analysts with experience in MiFID ll… among others, will have the requisite skills to support, particularly on an interim and project basis.”
The wealth management sector is already trying to figure out the effect GDPR will have in terms of cost and impact on its business. (See an example of an analysis here.) One area of concern is that the data-protection requirements of the new regime could be at odds with the very different demands of the European Union’s MiFID II regulatory regime (see here). Another article examining the potential for a clash – and how to avoid it – is here.

Whole areas of modern business, such as cloud computing services, social media channels, among others, will be affected by GDPR. Failure to comply with the rules can lead to organisations – not just commercial bodies – being fined.